"A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects." (Robert A. Heinlein)

Sunday, 13 September 2009

Parental control with Open DNS and Linux

My son is growing up very fast (he's 11) of course he is beginning using Internet. I think the better way for children to use the 'net is together with their parents anyway, better safe than sorry, I decided to activate a content filtering service.
Open DNS offers an excellent free content filtering service. Enabling it it's only matter of subscribing, enabling content filtering options and replacing in your network configuration Open DNS servers in place of those provided by your ISP.

Handling the dynamic IP

Open DNS works its content filtering on IP address basis. In most Internet connection IP addresses are dynamically assigned by ISP and may change every time you connect. This means that Open DNS must be kept updated on your current IP address in order to apply your content filtering preferences. This operation can be automatically executed by a small program installed in the client computer.


Ddclient is a small Perl program designed to update dynamic DNS services. Let's now see how I installed and configured it.
First I installed ddclient by a simple apt-get command.
sudo apt-get install ddclient
the installation asks many parameters needed to connect to a DNS service. I didn't care much about it because Open DNS provides the configuration file needed to properly update their servers. After installation completed I edited ddclient configurations files:
I replaced current configuration with the Open DNS one
sudo gedit /etc/ddclient.conf
## OpenDNS.com account-configuration
use=web, web=whatismyip.org


I also configured ddclient in order to run it as a demon
sudo vim /etc/default/ddclient
# Configuration for ddclient scripts
# generated from debconf on sab set 5 18:37:22 CEST 2009
# /etc/default/ddclient

# Set to "true" if ddclient should be run every time a new ppp connection is
# established. This might be useful, if you are using dial-on-demand

# Set to "true" if ddclient should run in daemon mode
# Set the time interval between the updates of the dynamic DNS name in seconds.
# This option only takes effect if the ddclient runs in daemon mode.
ddclient so configured starts as usually with
sudo /etc/init.d/ddclient start

Of course DNS level block is not 100% safe but you have at least to learn what a DNS server is and how to change it before you manage to find a workaround.
Open DNS offers an excellent free service. I started using it as DNS server about one year ago because my ISP DNS servers go down every now and then. I never experienced problems since then. I think Open DNS is a good step for securing your network not only for parental control.